bisecting cause commit starting from b0c3ba31be3e45a130e13b278cf3b90f69bda6f6 building syzkaller on 142a0957d03af017b31e76973bcfafaa098c2b5d testing commit b0c3ba31be3e45a130e13b278cf3b90f69bda6f6 with gcc (GCC) 8.1.0 kernel signature: 388e6520ea078be7006e27b901c5bc8e7d14f7a2f8e7a5a9e633a5f408a05818 run #0: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #1: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #2: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #3: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #4: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #5: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #6: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #7: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #8: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #9: crashed: INFO: task hung in fsnotify_mark_destroy_workfn testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 9975cb47a3f3e95534f4a07adbaecefe5439cc94cc422e8231f9931ee07bb4a0 all runs: OK # git bisect start b0c3ba31be3e45a130e13b278cf3b90f69bda6f6 7111951b8d4973bda27ff663f2cf18b663d15b48 Bisecting: 7418 revisions left to test after this (roughly 13 steps) [ffc1c20c46f74e24c3f03147688b4af6e429654a] Merge tag 'for-5.7/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm testing commit ffc1c20c46f74e24c3f03147688b4af6e429654a with gcc (GCC) 8.1.0 kernel signature: a8ea3957508de6d2f94eac6652bbab325c5a1cd4ac9cc74b87a65875127dc056 run #0: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #1: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #2: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #3: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #4: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #5: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #6: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #7: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #8: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #9: crashed: INFO: task hung in fsnotify_mark_destroy_workfn # git bisect bad ffc1c20c46f74e24c3f03147688b4af6e429654a Bisecting: 4131 revisions left to test after this (roughly 12 steps) [56a451b780676bc1cdac011735fe2869fa2e9abf] Merge tag 'ntb-5.7' of git://github.com/jonmason/ntb testing commit 56a451b780676bc1cdac011735fe2869fa2e9abf with gcc (GCC) 8.1.0 kernel signature: 0935f09c5041092177bded2e724031928910d4a02eccf0258d9876ee371e30f2 run #0: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #1: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #2: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #3: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #4: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #5: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #6: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #7: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #8: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #9: crashed: INFO: task hung in fsnotify_connector_destroy_workfn # git bisect bad 56a451b780676bc1cdac011735fe2869fa2e9abf Bisecting: 1643 revisions left to test after this (roughly 11 steps) [49835c15a55225e9b3ff9cc9317135b334ea2d49] Merge tag 'pm-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm testing commit 49835c15a55225e9b3ff9cc9317135b334ea2d49 with gcc (GCC) 8.1.0 kernel signature: 5d77d7c71751115cafa7cd3c893d40e0df04ed014b2620ba80a900a40e400cd7 run #0: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #1: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #2: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #3: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #4: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #5: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #6: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #7: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #8: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #9: boot failed: can't ssh into the instance # git bisect bad 49835c15a55225e9b3ff9cc9317135b334ea2d49 Bisecting: 934 revisions left to test after this (roughly 10 steps) [063d1942247668eb0bb800aef5afbbef337344be] Merge tag 'media/v5.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit 063d1942247668eb0bb800aef5afbbef337344be with gcc (GCC) 8.1.0 kernel signature: 8f52bbd6852662e034a66990c9d15970a27189f3ec5fa953da90b747147c41cb all runs: OK # git bisect good 063d1942247668eb0bb800aef5afbbef337344be Bisecting: 516 revisions left to test after this (roughly 9 steps) [e681bb287f40e7a9dbcb04cef80fd87a2511ab86] staging: vt6656: Use DIV_ROUND_UP macro instead of specific code testing commit e681bb287f40e7a9dbcb04cef80fd87a2511ab86 with gcc (GCC) 8.1.0 kernel signature: 7a5829e5f1c2d42f48771a47fe70e0f6267fbcc27ed81f295f130b102506963c all runs: OK # git bisect good e681bb287f40e7a9dbcb04cef80fd87a2511ab86 Bisecting: 266 revisions left to test after this (roughly 8 steps) [db34c5ffee649e2c4c870d1031a996398a187cf5] Merge tag 'usb-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit db34c5ffee649e2c4c870d1031a996398a187cf5 with gcc (GCC) 8.1.0 kernel signature: 04e0b15ad6c2e77c26f6f7f842b527df40f78fa7e79a8a2002188a3d2bd1f177 run #0: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #1: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #2: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #3: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #4: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #5: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #6: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #7: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #8: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #9: crashed: INFO: task hung in fsnotify_connector_destroy_workfn # git bisect bad db34c5ffee649e2c4c870d1031a996398a187cf5 Bisecting: 121 revisions left to test after this (roughly 7 steps) [a8ab3e76297ea85d92f4ee0833bd469816a13ccf] Merge tag 'usb-for-v5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-next testing commit a8ab3e76297ea85d92f4ee0833bd469816a13ccf with gcc (GCC) 8.1.0 kernel signature: 4209c0c43cd70aeee43ff6fde02773717ca8a0fb6fa0eae0eb7de418a5b203bb run #0: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #1: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #2: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #3: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #4: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #5: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #6: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #7: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #8: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #9: crashed: INFO: task hung in fsnotify_connector_destroy_workfn # git bisect bad a8ab3e76297ea85d92f4ee0833bd469816a13ccf Bisecting: 63 revisions left to test after this (roughly 6 steps) [d1c6a769cdf466053ae211789f2b0671c8a72331] usb: typec: mux: Allow the mux handles to be requested with fwnode testing commit d1c6a769cdf466053ae211789f2b0671c8a72331 with gcc (GCC) 8.1.0 kernel signature: f6254833e14a16262850a2d535f373614d68cf665d2f45c96b04b03c28989e13 all runs: OK # git bisect good d1c6a769cdf466053ae211789f2b0671c8a72331 Bisecting: 31 revisions left to test after this (roughly 5 steps) [eeead847487f726fa177d0f4060c4f0816ad9cd9] usb: gadget: amd5536udc: fix spelling mistake "reserverd" -> "reserved" testing commit eeead847487f726fa177d0f4060c4f0816ad9cd9 with gcc (GCC) 8.1.0 kernel signature: 77f3968ca1c81968c50e305a0f0f386cecacc2570daa177b1090cfc253af9f04 run #0: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #1: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #2: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #3: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #4: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #5: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #6: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #7: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #8: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #9: crashed: INFO: task hung in fsnotify_mark_destroy_workfn # git bisect bad eeead847487f726fa177d0f4060c4f0816ad9cd9 Bisecting: 15 revisions left to test after this (roughly 4 steps) [3d157c28d2289edf0439e8308e8de3a06acaaf0e] doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in park mode testing commit 3d157c28d2289edf0439e8308e8de3a06acaaf0e with gcc (GCC) 8.1.0 kernel signature: cae597888670e50775d8e684bbc296f617b30a5ea09d15a70dc98e6dae0c339f all runs: OK # git bisect good 3d157c28d2289edf0439e8308e8de3a06acaaf0e Bisecting: 7 revisions left to test after this (roughly 3 steps) [0227cc84c44417a29c8102e41db8ec2c11ebc6b2] usb: dwc3: core: don't do suspend for device mode if already suspended testing commit 0227cc84c44417a29c8102e41db8ec2c11ebc6b2 with gcc (GCC) 8.1.0 kernel signature: 57112114e78a3c4c4adad468a216963f5f6dd7ae01406307d8a93fa578a0691e run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: boot failed: can't ssh into the instance # git bisect good 0227cc84c44417a29c8102e41db8ec2c11ebc6b2 Bisecting: 3 revisions left to test after this (roughly 2 steps) [95b18f28979e12539cc02f6ec4e2c776e8551f39] dt-bindings: usb: dwc2: add compatible property for rk3328 usb testing commit 95b18f28979e12539cc02f6ec4e2c776e8551f39 with gcc (GCC) 8.1.0 kernel signature: 9b15451305e58daa553b7ea0699af67c5c5cc6fe17ecc7b28f1181ab741cf9a3 run #0: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #1: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #2: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #3: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #4: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #5: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #6: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #7: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #8: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #9: crashed: INFO: task hung in fsnotify_connector_destroy_workfn # git bisect bad 95b18f28979e12539cc02f6ec4e2c776e8551f39 Bisecting: 1 revision left to test after this (roughly 1 step) [1a0808cb9e417170ed6ab97254cf319dc3e3c310] usb: dwc2: Implement set_selfpowered() testing commit 1a0808cb9e417170ed6ab97254cf319dc3e3c310 with gcc (GCC) 8.1.0 kernel signature: ba43d78fa55bc99888edad2521d41649bf348ba822affc0df0157904f36911b5 all runs: OK # git bisect good 1a0808cb9e417170ed6ab97254cf319dc3e3c310 Bisecting: 0 revisions left to test after this (roughly 0 steps) [f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10] usb: gadget: add raw-gadget interface testing commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 with gcc (GCC) 8.1.0 kernel signature: bf3e90445e8ff2261e7b0a10f5806f569b2a43c1856cecb70781639aefbd7dff run #0: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #1: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #2: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #3: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #4: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #5: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #6: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #7: crashed: INFO: task hung in fsnotify_mark_destroy_workfn run #8: crashed: INFO: task hung in fsnotify_connector_destroy_workfn run #9: crashed: INFO: task hung in fsnotify_mark_destroy_workfn # git bisect bad f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 is the first bad commit commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 Author: Andrey Konovalov Date: Mon Feb 24 17:13:03 2020 +0100 usb: gadget: add raw-gadget interface USB Raw Gadget is a kernel module that provides a userspace interface for the USB Gadget subsystem. Essentially it allows to emulate USB devices from userspace. Enabled with CONFIG_USB_RAW_GADGET. Raw Gadget is currently a strictly debugging feature and shouldn't be used in production. Raw Gadget is similar to GadgetFS, but provides a more low-level and direct access to the USB Gadget layer for the userspace. The key differences are: 1. Every USB request is passed to the userspace to get a response, while GadgetFS responds to some USB requests internally based on the provided descriptors. However note, that the UDC driver might respond to some requests on its own and never forward them to the Gadget layer. 2. GadgetFS performs some sanity checks on the provided USB descriptors, while Raw Gadget allows you to provide arbitrary data as responses to USB requests. 3. Raw Gadget provides a way to select a UDC device/driver to bind to, while GadgetFS currently binds to the first available UDC. 4. Raw Gadget uses predictable endpoint names (handles) across different UDCs (as long as UDCs have enough endpoints of each required transfer type). 5. Raw Gadget has ioctl-based interface instead of a filesystem-based one. Reviewed-by: Greg Kroah-Hartman Signed-off-by: Andrey Konovalov Signed-off-by: Felipe Balbi Documentation/usb/index.rst | 1 + Documentation/usb/raw-gadget.rst | 61 ++ drivers/usb/gadget/legacy/Kconfig | 11 + drivers/usb/gadget/legacy/Makefile | 1 + drivers/usb/gadget/legacy/raw_gadget.c | 1078 ++++++++++++++++++++++++++++++++ include/uapi/linux/usb/raw_gadget.h | 167 +++++ 6 files changed, 1319 insertions(+) create mode 100644 Documentation/usb/raw-gadget.rst create mode 100644 drivers/usb/gadget/legacy/raw_gadget.c create mode 100644 include/uapi/linux/usb/raw_gadget.h culprit signature: bf3e90445e8ff2261e7b0a10f5806f569b2a43c1856cecb70781639aefbd7dff parent signature: ba43d78fa55bc99888edad2521d41649bf348ba822affc0df0157904f36911b5 revisions tested: 16, total time: 3h55m25.09934163s (build: 1h44m53.862919689s, test: 2h9m27.711790406s) first bad commit: f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 usb: gadget: add raw-gadget interface cc: ["andreyknvl@google.com" "balbi@kernel.org" "gregkh@linuxfoundation.org"] crash: INFO: task hung in fsnotify_mark_destroy_workfn INFO: task kworker/u4:2:73 blocked for more than 143 seconds. Not tainted 5.6.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/u4:2 D27880 73 2 0x80004000 Workqueue: events_unbound fsnotify_mark_destroy_workfn Call Trace: schedule+0xc4/0x2b0 kernel/sched/core.c:4154 schedule_timeout+0x56c/0x970 kernel/time/timer.c:1871 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x25f/0x3c0 kernel/sched/completion.c:136 __synchronize_srcu+0x18e/0x240 kernel/rcu/srcutree.c:922 fsnotify_mark_destroy_workfn+0xea/0x330 fs/notify/mark.c:832 process_one_work+0x903/0x15c0 kernel/workqueue.c:2264 worker_thread+0x82/0xb50 kernel/workqueue.c:2410 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 INFO: task kworker/u4:6:512 blocked for more than 143 seconds. Not tainted 5.6.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/u4:6 D26248 512 2 0x80004000 Workqueue: events_unbound fsnotify_connector_destroy_workfn Call Trace: schedule+0xc4/0x2b0 kernel/sched/core.c:4154 schedule_timeout+0x56c/0x970 kernel/time/timer.c:1871 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x25f/0x3c0 kernel/sched/completion.c:136 __synchronize_srcu+0x18e/0x240 kernel/rcu/srcutree.c:922 fsnotify_connector_destroy_workfn+0x40/0xa0 fs/notify/mark.c:164 process_one_work+0x903/0x15c0 kernel/workqueue.c:2264 worker_thread+0x82/0xb50 kernel/workqueue.c:2410 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Showing all locks held in the system: 2 locks held by kworker/u4:2/73: #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: __write_once_size include/linux/compiler.h:226 [inline] #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline] #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline] #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline] #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: process_one_work+0x80f/0x15c0 kernel/workqueue.c:2235 #1: ffffc90001037e00 ((reaper_work).work){+.+.}, at: process_one_work+0x844/0x15c0 kernel/workqueue.c:2239 2 locks held by kworker/u4:6/512: #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: __write_once_size include/linux/compiler.h:226 [inline] #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline] #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline] #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline] #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: process_one_work+0x80f/0x15c0 kernel/workqueue.c:2235 #1: ffffc90001de7e00 (connector_reaper_work){+.+.}, at: process_one_work+0x844/0x15c0 kernel/workqueue.c:2239 1 lock held by khungtaskd/1121: #0: ffffffff88ba63c0 (rcu_read_lock){....}, at: debug_show_all_locks+0x52/0x28d kernel/locking/lockdep.c:5331 6 locks held by kworker/0:2/2666: 6 locks held by kworker/1:9/2681: 6 locks held by kworker/1:11/2698: 1 lock held by in:imklog/6560: #0: ffff8880a2206620 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x96/0xb0 fs/file.c:821 4 locks held by systemd-udevd/8431: #0: ffff888094b14f40 (&p->lock){+.+.}, at: seq_read+0x66/0x1010 fs/seq_file.c:161 #1: ffff8880a8d89880 (&of->mutex){+.+.}, at: kernfs_seq_start+0x44/0x160 fs/kernfs/file.c:111 #2: ffff8880a95900e8 (kn->count#68){.+.+}, at: kernfs_seq_start+0x6e/0x160 fs/kernfs/file.c:112 #3: ffff8880a4501200 (&dev->mutex){....}, at: device_lock_interruptible include/linux/device.h:776 [inline] #3: ffff8880a4501200 (&dev->mutex){....}, at: serial_show+0x1b/0x80 drivers/usb/core/sysfs.c:142 4 locks held by systemd-udevd/8434: #0: ffff8880a4420760 (&p->lock){+.+.}, at: seq_read+0x66/0x1010 fs/seq_file.c:161 #1: ffff888094f18480 (&of->mutex){+.+.}, at: kernfs_seq_start+0x44/0x160 fs/kernfs/file.c:111 #2: ffff8880a8dc4468 (kn->count#68){.+.+}, at: kernfs_seq_start+0x6e/0x160 fs/kernfs/file.c:112 #3: ffff8880a4bfd200 (&dev->mutex){....}, at: device_lock_interruptible include/linux/device.h:776 [inline] #3: ffff8880a4bfd200 (&dev->mutex){....}, at: serial_show+0x1b/0x80 drivers/usb/core/sysfs.c:142 4 locks held by systemd-udevd/8441: #0: ffff8880a35b1640 (&p->lock){+.+.}, at: seq_read+0x66/0x1010 fs/seq_file.c:161 #1: ffff8880a6fd3480 (&of->mutex){+.+.}, at: kernfs_seq_start+0x44/0x160 fs/kernfs/file.c:111 #2: ffff8880a6d68e08 (kn->count#68){.+.+}, at: kernfs_seq_start+0x6e/0x160 fs/kernfs/file.c:112 #3: ffff88809cc0f200 (&dev->mutex){....}, at: device_lock_interruptible include/linux/device.h:776 [inline] #3: ffff88809cc0f200 (&dev->mutex){....}, at: serial_show+0x1b/0x80 drivers/usb/core/sysfs.c:142 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1121 Comm: khungtaskd Not tainted 5.6.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x128/0x182 lib/dump_stack.c:118 nmi_cpu_backtrace.cold.7+0x4b/0x83 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x183/0x1ac lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline] watchdog+0x629/0xc70 kernel/hung_task.c:289 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 2666 Comm: kworker/0:2 Not tainted 5.6.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usb_hub_wq hub_event RIP: 0010:hid_apply_multiplier drivers/hid/hid-core.c:1107 [inline] RIP: 0010:hid_setup_resolution_multiplier+0x30e/0xc80 drivers/hid/hid-core.c:1163 Code: c0 03 38 d0 7c 08 84 d2 0f 85 8d 07 00 00 41 83 7f 04 02 74 65 4d 89 c5 eb 2c 49 8d 7f 04 48 89 f8 48 c1 e8 03 42 0f b6 14 08 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e9 05 00 00 41 RSP: 0018:ffffc90007f6ec70 EFLAGS: 00000a07 RAX: 1ffff110141ae100 RBX: ffff888082020000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880a0d70804 RBP: 0000000000000000 R08: ffff8880a2868000 R09: dffffc0000000000 R10: 0000000000000323 R11: ffffc900044e40db R12: ffff8880a0d70800 R13: ffff8880a2868000 R14: ffffc900044c9000 R15: ffff8880a0d70800 FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f77d348c000 CR3: 000000008f2f4000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: hid_open_report+0x3b3/0x5d0 drivers/hid/hid-core.c:1274 hid_parse include/linux/hid.h:1017 [inline] ms_probe+0xeb/0x460 drivers/hid/hid-microsoft.c:388 hid_device_probe+0x260/0x350 drivers/hid/hid-core.c:2263 really_probe+0x1f9/0x5e0 drivers/base/dd.c:551 driver_probe_device+0xc9/0x1b0 drivers/base/dd.c:724 bus_for_each_drv+0x117/0x1a0 drivers/base/bus.c:431 __device_attach+0x1be/0x2c0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10d0/0x1900 drivers/base/core.c:2500 hid_add_device+0x2da/0x8b0 drivers/hid/hid-core.c:2419 usbhid_probe+0x9b5/0xe40 drivers/hid/usbhid/hid-core.c:1386 usb_probe_interface+0x268/0x6c0 drivers/usb/core/driver.c:361 really_probe+0x1f9/0x5e0 drivers/base/dd.c:551 driver_probe_device+0xc9/0x1b0 drivers/base/dd.c:724 bus_for_each_drv+0x117/0x1a0 drivers/base/bus.c:431 __device_attach+0x1be/0x2c0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10d0/0x1900 drivers/base/core.c:2500 usb_set_configuration+0xc02/0x1560 drivers/usb/core/message.c:2023 generic_probe+0x61/0x8a drivers/usb/core/generic.c:210 really_probe+0x1f9/0x5e0 drivers/base/dd.c:551 driver_probe_device+0xc9/0x1b0 drivers/base/dd.c:724 bus_for_each_drv+0x117/0x1a0 drivers/base/bus.c:431 __device_attach+0x1be/0x2c0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10d0/0x1900 drivers/base/core.c:2500 usb_new_device.cold.66+0x679/0xe85 drivers/usb/core/hub.c:2548 hub_port_connect drivers/usb/core/hub.c:5195 [inline] hub_port_connect_change drivers/usb/core/hub.c:5335 [inline] port_event drivers/usb/core/hub.c:5481 [inline] hub_event+0x15fe/0x2d60 drivers/usb/core/hub.c:5563 process_one_work+0x903/0x15c0 kernel/workqueue.c:2264 worker_thread+0x82/0xb50 kernel/workqueue.c:2410 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352